tofa export
Dump every account in the vault as plain-text JSON. Use only for backups or migrating to another tool — the output contains your secrets unencrypted.
Synopsis
tofa export [FLAGS]
Flags
| Flag | Description |
|---|---|
--output <PATH> | Write to a file instead of stdout |
Examples
To stdout:
$ tofa export
Passphrase: ********
{
"version": 1,
"entries": [
{ "id": "GitHub:you", "name": "GitHub:you", "secret": "JBSWY3DPEHPK3PXP", "issuer": "GitHub", ... }
]
}
To a file (recommended — set restrictive permissions immediately):
$ tofa export --output ~/tofa-backup.json
Passphrase: ********
✓ wrote ~/tofa-backup.json (3 accounts)
$ chmod 600 ~/tofa-backup.json
Pipe into another tool (e.g., jq):
tofa export | jq '.entries | length'
Notes
- The output is not encrypted. Treat it like a password file:
chmod 600, store on encrypted media, delete after use. - Format is stable JSON with a
versionfield — safe to keep around for later import.
See also
tofa import— read this format back.- Recipe: import from Aegis / andOTP — same JSON shape.